CLAIMS

1. A method of downloading at least part of an application to an MPEG receiver/decoder, comprising the steps of:
dividing the application into a plurality of modules;
formatting each of the modules as a respective MPEG table, the tables having the same table identification ("TID") and respective different table identification extensions ("TID-extensions") other than a predetermined TID-extension;
generating a directory MPEG table for the modules having the same said TID and said predetermined TID-extension, the directory containing for each of the modules a name of that module and the respective TID-extension;
cyclically transmitting the directory MPEG table and the module MPEG tables in an MPEG bit stream; and
at the MPEG receiver/decoder:-
receiving the MPEG bitstream;
downloading that one of the MPEG tables having the predetermined TID-extension so as to download the directory MPEG table;
determining from the content of the directory MPEG table the TID-extensions of the module MPEG tables; and
downloading at least one of the module MPEG tables having the same TID as that of the downloaded directory MPEG table and a TID-extension determined from the downloaded directory MPEG table.

2. A method as claimed in claim 1, further comprising the steps of:
including in the transmitted directory MPEG table a version identification therefor; and
at the receiver/decoder:-
determining whether the version identification of the currently transmitted directory MPEG table is more recent than the version identification of the currently downloaded directory MPEG table, and if so repeating the steps of downloading the directory MPEG table, determining the TID-extensions, and downloading at least one of the module MPEG tables.

3. A method as claimed in claim 1 wherein at least one of the module MPEG tables is formatted as a plurality of MPEG sections which are transmitted separately in the MPEG bitstream, each of the MPEG sections containing in a predetermined portion thereof an identification of that MPEG section in the MPEG table and an indication of the number of the sections in a MPEG table.



4. An MPEG receiver/decoder for use in performing part of the method of any preceding claim, comprising:
a receiver for receiving the MPEG bitstream;
a storage means; and
processing means which is programmed to cause that one of the received MPEG tables having the predetermined TID-extension to be downloaded to the storage means, to determine from the content of the directory MPEG table the TID-extensions of the module MPEG tables, and to cause at least one of the module MPEG tables having the same TID as that of the downloaded directory MPEG table and a TID-extension determined from the downloaded directory MPEG table to be downloaded to the storage means.



5. A receiver/decoder as claimed in claim 4 for use with the method of claim 2, wherein the processing means is programmed to determine whether a version identification of the currently received directory MPEG table is more recent than a version identification of the downloaded directory MPEG table, and if so to repeat the downloading of the directory MPEG table, determination of the TID-extensions and downloading of at least one of the module MPEG tables.

6. A receiver/decoder as claimed in claim 4 or 5, for use with the method of claim 3, wherein the processing means is programmed to cause the MPEG sections to be repeatedly downloaded to the storage means until the processing means determines from the section identifications and the section number indications of the downloaded sections that all of the sections have been downloaded.

7. A receiver/decoder as claimed in any of claims 4 to 6, further comprising a parallel port and/or a serial port arranged to receive an application formatted as at least one MPEG table.

8. An MPEG transmission system comprising:
means for dividing into a plurality of modules an application to be downloaded to an MPEG receiver/decoder;
means for formatting each of the modules as a respective MPEG table, the tables having the same TID and respective different TID-extensions other than a predetermined TID-extension;
means for generating a directory MPEG table for the modules having the same said TID and said predetermined TID-extension, the directory containing for each of the modules a name of that module and the respective TID-extension; and
means for cyclically transmitting the directory MPEG table and the module MPEG tables in an MPEG bitstream.



9. A system as claimed in claim 8, further comprising means for generating a version identification for the directory MPEG table; and wherein the directory MPEG table generating means is operable to include in the directory MPEG table the generated version identification therefor.

10. A system as claimed in claim 8 or 9, wherein the module formatting means is operable to format at least one of the module MPEG tables as a plurality of MPEG sections each containing in a predetermined portion thereof an identification of that MPEG section in that MPEG table and an indication of the number of the MPEG sections in that MPEG table.



11. A method of downloading data to an MPEG receiver/decoder, comprising the steps of:
generating a signature for the data to be downloaded;
encrypting the signature using a private key;
formatting the data to be downloaded, the encrypted signature and an identification for the private key as an MPEG table;
transmitting the MPEG table; and
at the receiver/decoder:-
receiving the MPEG table;
selecting one of a plurality of public keys in accordance with the key identification in the received MPEG table;
decrypting the encrypted signature in the received MPEG table using the selected public key to provide a decrypted signature;
generating a signature for the data in the received MPEG table; and
comparing the decrypted signature and the signature generated at the receiver/decoder for the received data.



12. A method as claimed in claim 11, further comprising the steps of downloading to the receiver/decoder an application having a signature encrypted using a private key having a predetermined key identification; running the application at the receiver/decoder to cause the receiver/decoder to receive a further key; storing the further key in an area of volatile memory of the receiver/decoder.



13. A method as claimed in claim 12, wherein during the step of running the application, the further key is supplied locally to the receiver/decoder.

14. A method as claimed in claim 13, wherein the further key is supplied to the receiver/decoder via a parallel port, serial port or smart card reader of the receiver/decoder.



15. A method as claimed in any of claims 11 to 14, further including the steps, at the receiver/decoder, of looking up, in a protected area of memory of the receiver/decoder, a validation flag for the selected public key, and inhibiting or aborting downloading of the data if the looked-up flag is not set.



16. A method as claimed in claim 15 when dependent on any of claims 12 to 14, wherein, in the protected area of memory of the receiver/decoder, the private key having the predetermined key identification has a validation flag which can be changed by said application, and an ability to receive such a further key is determined in dependence on the state of that validation flag.



17. A method of downloading data to an MPEG receiver/decoder, comprising the steps of:
generating a signature for the data to be downloaded;
encrypting the signature using a private key;
formatting the data to be downloaded, the encrypted signature and an identification for the private key as an MPEG table;
transmitting the MPEG table; and
at the receiver/decoder:-
receiving the MPEG table;
looking up, in a protected area of memory of the receiver/decoder, a validation flag for a public key corresponding to the private key identified in the received MPEG table; and
if the looked-up flag is set:-
decrypting the encrypted signature in the received MPEG table using the public key corresponding to the private key identified in the received MPEG table to provide a decrypted signature;
generating a signature for the data in the received MPEG table; and
comparing the decrypted signature and the signature generated at the receiver/decoder for the received data.

18. A method as claimed in any of claims 11 to 17, further including the steps of:-
generating a validation code for the data to be downloaded, the validation code being encrypted with the signature in the encryption step and being decrypted with the signature in the decryption step;
looking up a stored validation code in a protected area of memory of the receiver/decoder; and
comparing the looked-up validation code and the decrypted validation code.



19. A method of downloading data to an MPEG receiver/decoder, comprising the steps of:-
generating a validation code for the data to be downloaded;
generating a signature for the data to be downloaded, or a part thereof;
encrypting the validation code and the signature using a private key;
formatting the data to be downloaded and the encrypted validation code and signature as at least one MPEG table;
transmitting the or each MPEG table; and
at the receiver/decoder:-
receiving the or each MPEG table;
decrypting the encrypted validation code and signature in the received MPEG table(s) using a public key corresponding to the private key;
looking up a stored validation code in a protected area of memory of the receiver/decoder;
comparing the looked-up validation code and the decrypted validation code;
generating a signature for the data in the received MPEG table(s) or said part thereof; and
comparing the decrypted signature with the signature generated at the receiver/decoder for the received data.

20. A method as claimed in claim 18 or 19, further including the step of inhibiting or aborting downloading of the data if, in the validation code comparing step, the looked-up validation code and the decrypted validation code do not match each other.

21. A method as claimed in any of claims [illegible], wherein the signature of the data to be downloaded is encrypted in a block of data including other data, with a selected offset between the start of the data block and the start of the signature, and the encrypted data block is decrypted in the decryption step at the receiver/decoder, and further including the steps, at the receiver/decoder, of looking up at least one stored offset in a protected area of memory of the receiver/decoder, and extracting the signature from the decrypted data block using said one looked-up offset from the start of the decrypted data block.

22. A method of downloading data to an MPEG receiver/decoder, comprising the steps of:-
generating a signature for the data to be downloaded;
including the signature and other data in a block of data with a selected offset between the start of the data block and the start of the signature;
encrypting the data block using a private key;
formatting the data to be downloaded and the encrypted data block as an MPEG table;
transmitting the MPEG table; and
at the receiver/decoder:-
receiving the MPEG table;
decrypting the encrypted data block in the received MPEG table using a public key corresponding to the private key;
looking up at least one stored offset in a protected area of memory of the receiver/decoder;
extracting the signature from the decrypted data block using said one looked-up offset from the start of the decrypted data block;
generating a signature for the data in the received MPEG table; and
comparing the signature extracted from the decrypted data block with the signature generated at the receiver/decoder for the received data.

23. A method as claimed in claim 21 or 22, wherein said protected area of memory has at least two such stored offsets, and, if in the comparing step the extracted signature and the generated signature do not match, further including the steps of repeating the looking-up, extracting and comparing steps using another of the stored offsets.

24. A method as claimed in any of claims 21 to [illegible], wherein at least some of said other data in the block of data is dummy or arbitrary data.



25. A method as claimed in any of claims 11 to 24, wherein the data is downloaded as a plurality of modules of the data, and including the steps of:-
generating a module signature for each module of data to be downloaded;
formatting the modules of data as respective module MPEG tables;
generating a directory including an identification of each module MPEG table and the respective signature, the directory being the subject of the signature generating step of any of claims 11 to [illegible]; and
at the receiver/decoder:-
generating a respective module signature for each of the modules in the received module MPEG tables; and
comparing each module signature in the received directory MPEG table with the respective module signature generated at the receiver/decoder.

26. A method of downloading a plurality of modules of data to an MPEG receiver/decoder, comprising the steps of:-
generating a module signature for each module of data to be downloaded;
formatting the modules of data as respective module MPEG tables;
generating a directory including an identification of each module MPEG table and the respective signature;
generating a directory signature for the directory;
encrypting the directory signature using a private key;
formatting the directory and the encrypted directory signature as a directory MPEG table;
transmitting the directory and module MPEG tables; and
at the receiver/decoder:-
receiving the directory and module MPEG tables;
decrypting the encrypted directory signature in the received directory MPEG table using a public key corresponding to the private key;
generating a directory signature for the directory in the received directory MPEG table;
comparing the decrypted directory signature and the directory signature generated at the receiver/decoder;
generating a respective module signature for each of the modules in the received module MPEG tables; and
comparing each module signature in the received directory MPEG table with the respective module signature generated at the receiver/decoder.

27. A method as claimed in claim 25, further including the step of inhibiting or aborting downloading of such a module of the data if, in the module signature comparing step, the module signature in the received directory MPEG table and the respective module signature generated at the receiver/decoder for that module do not match each other.

28. A method as claimed in any of claims 11 to 27, further including the step of inhibiting or aborting downloading of the data if, in the comparing step(s), the or each decrypted signature and the generated signature do not match each other.

29. An MPEG receiver/decoder for use in performing part of the method of claim 11, comprising:
means for receiving such MPEG tables;
means for storing a plurality of public keys and an identification for each of the public keys; and
processing means which is programmed to select one of the stored public keys in accordance with the key identification in the received MPEG table; to decrypt the encrypted signature in the received MPEG table using the selected public key to provide a decrypted signature; to generate a signature for the data in the received MPEG table; and to compare the decrypted signature and the signature generated at the receiver/decoder for the received data.

30. A receiver/decoder as claimed in claim 29, wherein the key storing means is provided by ROM.

31. A receiver/decoder as claimed in claim 29 or 30, wherein the identification for each of the public keys is provided by the storage location of that public key in the key storing means.

32. A receiver/decoder as claimed in any of claims 29 to 31 for use in the method of claim [illegible], further including an area of volatile memory, and wherein the processing means is operable to download an application having a signature encrypted using a private key having a predetermined key identification, to run the application to cause the receiver/decoder to receive a further key, and to cause the further key to be stored in the area of volatile memory.



33. A receiver/decoder as claimed in claim 32, further including means to receive such a further key which is supplied locally to the receiver/decoder.

34. A receiver/decoder as claimed in claim 33, wherein the further key receiving means is provided by a parallel port, serial port and/or smart card reader of the receiver/decoder.

35. A receiver/decoder as claimed in any of claims 32 to 34, wherein the volatile memory is provided by

36. A receiver/decoder as claimed in any of claims 29 to 35 for use in the method of claim 15, further including a protected area of memory for storing a validation flag for each of at least some of the public keys, and wherein the processing means is programmed to look-up, in the protected area of memory, the validation flag for such a selected public key, and to inhibit or abort downloading of the data if the looked-up flag is not set.



37. A receiver/decoder as claimed in claim 36 when dependent on any of claims 32 to 35, further including a protected area of memory for storing a validation flag for the private key having the predetermined key identification, and wherein the processing means is operable when running said application to change that validation flag and is operable to enable the further key to be so stored in dependence upon the state of that flag.



38. An MPEG receiver/decoder for use in performing part of the method of claim 17, comprising:
means for receiving such MPEG tables;
means for storing a public key and an identification for the public key; and
a protected area of memory for storing a validation flag for the public key; and
processing means which is programmed to look-up, in the protected area of memory of the receiver/decoder, a validation flag for the public key corresponding to the private key identified in the received MPEG table; and, if the looked-up flag is set, to decrypt the encrypted signature in the received MPEG table using the public key corresponding to the private key identified in the received MPEG table to provide a decrypted signature, to generate a signature for the data in the received MPEG table; and to compare the decrypted signature and the signature generated by the receiver/decoder for the received data.

39. A receiver/decoder as claimed in any of claims 36 to 38, wherein the memory for storing the key validation flag(s) is provided by rewritable non-volatile memory.

40. A receiver/decoder as claimed in any of claims 30 to 39, and in the case where a plurality of such public keys are stored, wherein the memory for storing the validation flag(s) is arranged as a bitmap.

41. A receiver/decoder as claimed in any of claims 29 to 40 for use in the method of claim [illegible], further including a protected area of memory for storing a validation code, and wherein the processing means is programmed to decrypt the validation code in such a received MPEG table, to look-up the stored validation code, and to compare the looked-up validation code and the decrypted validation code.

42. An MPEG receiver/decoder for use in performing part of the method of claim 17, comprising:
means for receiving such MPEG tables;
means for storing a public key and an identification for the public key;
a protected area of memory for storing a validation code; and
processing means which is programmed to decrypt the encrypted validation code and signature in such a received MPEG table using the stored public key corresponding to the private key; to look-up the stored validation code in the protected area of memory; to compare the looked-up validation code and the decrypted validation code; to generate a signature for the data in the received MPEG table or said part thereof; and to compare the decrypted signature with the signature generated by the receiver/decoder for the received data.



43. A receiver/decoder as claimed in claim 41 or 42, wherein the processing means is programmed to inhibit or abort downloading of the data if the looked-up validation code and the decrypted validation code do not match each other.

44. A receiver/decoder as claimed in any of claims 41 to 43, wherein the memory for storing the validation code is provided by rewritable non-volatile memory.

45. A receiver/decoder as claimed in any of claims 41 to 44, wherein the memory for storing the validation codes is arranged as a bitmap.

46. A receiver/decoder as claimed in any of claims 29 to 45 for use in a method as claimed in claim 21, further including a protected area of memory for storing at least one offset, and wherein the processing means is programmed to decrypt the encrypted data block in such a received MPEG table, to look-up said one stored offset in the protected area of memory, and to extract the signature from the decrypted data block using the looked-up offset from the start of the decrypted data block.



47. An MPEG receiver/decoder for use in performing part of the method of claim 22, comprising:
means for receiving such MPEG tables;
means for storing a public key and an identification for the public key;
a protected area of memory for storing at least one offset; and
processing means which is programmed to decrypt the encrypted data block in such a received MPEG table using the stored public key corresponding to the private key; to look-up said one stored offset in the protected area of memory; to extract the signature from the decrypted data block using the looked-up offset from the start of the decrypted data block; to generate a signature for the data in the received MPEG table; and to compare the signature extracted from the decrypted data block with the signature generated at the receiver/decoder for the received data.

48. A receiver/decoder as claimed in claim 46 or 47, wherein at least two such offsets are stored in the protected area of the memory, and the processing means is operable, if the extracted signature and the generated signature do not match, to repeat the looking-up, extracting and comparing using another of the stored offsets.

49. A receiver/decoder as claimed in any of claims 46 [illegible], wherein the memory for storing the offset is provided by rewritable non-volatile memory.

50. A receiver/decoder as claimed in any of claims 29 to 49 for use in a method as claimed in claim 25, wherein the processing means is programmed to generate a respective module signature for each of the modules in the received module MPEG tables, and to compare each module signature in the received directory MPEG table with the respective module signature generated by the receiver/decoder.

51. An MPEG receiver/decoder for use in performing part of the method of claim 26, comprising:
means for receiving such directory and module MPEG tables;
means for storing a public key and an identification for the public key; and
processing means which is programmed to decrypt the encrypted directory signature in the received directory MPEG table using the stored public key corresponding to the private key; to generate a directory signature for the directory in the received directory MPEG table; to compare the decrypted directory signature and the directory signature generated by the receiver/decoder; to generate a respective module signature for each of the modules in the received module MPEG tables; and to compare each module signature in the received directory MPEG table with the respective module signature generated by the receiver/decoder.



52. A receiver/decoder as claimed in claim 50 or 51, wherein the processing means is programmed to inhibit or abort downloading of such a module of the data if the module signature in the received directory MPEG table and the respective module signature generated at the receiver/decoder for that module do not match each other.

WO 98/43431    PCT/EP97/02111




53. A receiver/decoder as claimed in any of claims 29 to 52, wherein the processing means is programmed to inhibit or abort downloading of the data if the or each decrypted signature and the generated signature do not match each other.



54. A method of downloading at least part of an application to an MPEG receiver/decoder, substantially as described with reference to the drawings.

55. An MPEG receiver/decoder substantially as described with reference to the drawings.

56. An MPEG transmission system substantially as described with reference to the drawings.
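
The receiver-side checks of claims 15 and 26 to 28, with the validation flags held as a bitmap as in claim 40, sketched in Python as an added example that is not part of the patent text. Assumptions: the "signature" is modelled as a SHA-256 hash, the private-key encryption as textbook RSA with a constructed toy key, the MPEG tables as a Python dict, and all names are hypothetical.

```python
import hashlib

# Constructed toy RSA key built from two Mersenne primes. Illustration only:
# textbook RSA without padding and with a known factorisation is not secure.
P, Q = 2**127 - 1, 2**521 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, transmitter side only


class DownloadRejected(Exception):
    """Raised when the whole download must be inhibited or aborted."""


def digest(data: bytes) -> int:
    # Assumption: the claims' "signature" is modelled as a SHA-256 hash.
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def encode_directory(directory) -> bytes:
    # Hypothetical canonical encoding of the directory that gets signed.
    return repr(directory).encode()


def build_tables(modules: dict, key_id: int) -> dict:
    """Transmitter side: per-module signatures collected in a directory whose
    own signature is encrypted with the private key."""
    directory = [(name, digest(body)) for name, body in sorted(modules.items())]
    return {
        "key_id": key_id,
        "directory": directory,
        "enc_sig": pow(digest(encode_directory(directory)), D, N),
        "modules": dict(modules),
    }


class Receiver:
    def __init__(self, public_keys: dict, valid_bitmap: int):
        self.public_keys = public_keys    # key_id -> (n, e), e.g. held in ROM
        self.valid_bitmap = valid_bitmap  # bit i set => key i may be used

    def verify(self, tables: dict):
        """Return (accepted, rejected) module names, or raise DownloadRejected."""
        key_id = tables["key_id"]
        if key_id not in self.public_keys:
            raise DownloadRejected("unknown key identification")
        # The validation flag is looked up before any decryption is attempted.
        if not (self.valid_bitmap >> key_id) & 1:
            raise DownloadRejected("validation flag not set for key")
        n, e = self.public_keys[key_id]
        decrypted = pow(tables["enc_sig"], e, n)
        if decrypted != digest(encode_directory(tables["directory"])):
            raise DownloadRejected("directory signature mismatch")
        # The directory is now trusted; check each module against its entry.
        accepted, rejected = [], []
        for name, expected in tables["directory"]:
            body = tables["modules"].get(name)
            ok = body is not None and digest(body) == expected
            (accepted if ok else rejected).append(name)
        return accepted, rejected


if __name__ == "__main__":
    # Constructed sample modules.
    tables = build_tables({"boot": b"\x01boot", "ui": b"\x02ui"}, key_id=0)
    rx = Receiver({0: (N, E)}, valid_bitmap=0b1)
    print(rx.verify(tables))
    tables["modules"]["ui"] = b"tampered"
    print(rx.verify(tables))
```

A module altered in transit is rejected on its own, while a directory altered to match it fails the directory signature check and aborts the whole download.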



